> Note that after the above you're allowing TLS 1.0 by default, where you
> insisted on TLS 1.2 or higher before. Postfix parsing of the legacy
> protocol negations has not changed. But you should be using the
> preferred min/max forms.
I know you're saying nothing changed, but I'm telling yo
> Perhaps Postfix does not "listen" on the IPv6 address? You can use nc or lsof
> to find out.
>
See above where I said "worked fine before the update". "Worked fine" includes
external validation, i.e. direct email delivery and ipv6 test websites such as
internet.nl
For the records, I *th
Following a Debian Bookworm update I am now seeing connectivity issues that
were not present before (everything was working perfectly before)
Postfix on the instance starts up fine, i.e. indicating no configuration errors.
The error is:
$ openssl s_client -connect [IPV6_ADDRESS_REDACTED]:25 -sta
> $ postqueue; echo $?
> postqueue: fatal: usage: postqueue -f | postqueue -i queueid | postqueue -j |
> postqueue -p | postqueue -s site
> 69
>
> With an empty mail queue:
>
> $ postqueue -p; echo $?
> Mail queue is empty
> 0
>
> $ postqueue -j; echo $?
> 0
>
> $ postqueue -f; echo $?
> 0
> They should instead read output from "postqueue -j" which provides
> information in JSON format. JSON support was added in Postfix 3.1
> (i.e. in 2015).
>
What are the minimum permissions required for postqueue ?
postqueue run as an unprivileged user returns :
- no output
- 0 exit code
Bo
>
> Data collecting programs should use supported interfaces such as
> postqueue output. If the supported interfaces are not sufficient,
> people can ask for or contribute what's missing.
>
> Wietse
Thanks Wietse.
The only reason I was planning to use it is because, e.g. postfix-exporter for
In its default configuration, Postfix makes /var/spool/postfix/public/qmgr
world accessible whilst the parent directory /var/spool/postfix/public is not.
This means that metric gathering is not able to connect to
/var/spool/postfix/public/qmgr.
I'm guessing the wrong answer is to make the met
Why doesn't dovecot_destination_recipient_limit get a mention in the postconf
docs (https://www.postfix.org/postconf.5.html)
I discovered I needed it today because of an obscure error in my logs affecting
only certain mails.
Those mails worked again after dovecot_destination_recipient_limit=1
> I guess we are talking about your auth-user relay instance.
We are indeed. I am not touching the other instances.
>
> If that one does not get mail via smtp on port 25, or only gets mail from
> authenticated users via that port, you can move configuration to main.cf.
Indeed that is the
> in such case, it should also not be added into "smtp" service, unless Laura
> (OP) uses different instance for incoming mail (or has more services in
> master.cf)
>
Basically a derived version of
https://www.postfix.org/MULTI_INSTANCE_README.html
I have :
- Null instance
- Inbound instan
Sent with Proton Mail secure email.
On Wednesday, 7 August 2024 at 11:20, Viktor Dukhovni via Postfix-users
wrote:
> On Wed, Aug 07, 2024 at 09:29:35AM +0000, Laura Smith via Postfix-users wrote:
>
> > > You may want to check that with
> > >
> > >
> > 3/ Referenced it under
> > submissions inet n - y - - smtpd
> > submission inet n - y - - smtpd
> > smtp inet n - y - - smtpd
> >
> > using the same options setting for all three:
> > -o cleanup_service_name=myheadercleanup
>
>
> You may want to check that with
>
> postmulti -i postfix-my
I am running an instance of Postfix that is an authenticated relay.
Overall it is working great except user IPs are leaking through Received
headers.
I thought I configured it right, but obviously not.
Here's what I've done:
1/ Create header_checks file with the following:
/^Received:/ IGNORE
> My doubt is that since the outgoing email server identifies itself as
> host1.example.com in the EHLO, is there a requirement or even an
> expectation that postmas...@example.com will be able to receive email.
I think the reality is that we are in 2024, and the chances of a human reading
p
I too am interested in experiences with rspamd and LLMs, so if there is
anything people don't want to share on-list, please loop me in. :)
Thanks !
Laura
On Tuesday, 30 July 2024 at 18:51, Walt E via Postfix-users
wrote:
> Can you share your experience on LLM for rspamd? Any links/resources
>
> > I know you're desperately trying to finger point elsewhere but I'm
> > pretty sure you are barking up the wrong tree. Everything else
> > works, apart from postfix.
>
>
> At the risk of demonstrating my level of thick I have seen similar
> messages about "Temporary failure in name reso
> On Sun, Jul 28, 2024 at 09:45:45AM +0000, Laura Smith via Postfix-users wrote:
>
> > The reporting program is postfix/smtpd
> >
> > postconf output:
> >
> > smtp inet n - y - - smtpd
>
>
> It runs in a chroot jail, where likely /etc/resolv.c
> > But I cannot understand why. Running, e.g. "dig foo.example.com"
> > returns instantly with the IP address, no problems with resolution?
>
>
> Are you typing that command as root? Most Postfix daemons don't.
>
Yes, of course ! dig is a simple command that doesn't require root privilege
Note that my copy/paste messed up the formatting, of course my user= line is on
a seperate line:
hosts=foo.example.com
user=myuser
password=mypass
dbname=mydb
query=select foo from bar('%s')
___
Postfix-users mailing list -- postfix-users@postfix.org
To
I'm getting the following in my logs:
" warning: connect to pgsql server foo.example.com: could not translate host
name "foo.example.com" to address: Temporary failure in name resolution?"
But I cannot understand why. Running, e.g. "dig foo.example.com" returns
instantly with the IP address,
Sent with ProtonMail secure email.
--- Original Message ---
On Monday, April 25th, 2022 at 08:50, Dan Mahoney wrote:
> Even if fail2ban is “whack a mole”, you could also feed the data on auth
> spammers to an abuse-compaint script, and do your part to make the internet a
> little
--- Original Message ---
On Monday, April 25th, 2022 at 05:26, ミユナ wrote:
> do you know how to stop passwords from being brute-forced for a
> mailserver? do you have any practical guide?
>
Simple. You've got two options:
a) Use strong passwords (and if you run an automated password ch
I think the answer is in your question ?
Prefix 188. vs prefix 166. ?
Plus neither 188. or 166. are present in a forward lookup for
mailcluster.zen.co.uk ?
That's some truly messed up DNS you've got there ?
--- Original Message ---
>
> I get:
>
> root@mail:~# nslookup 188.39.73.166
>
I think the answer is in your question ?
Prefix 188. vs prefix 166. ?
Plus neither 188. or 166. are present in a forward lookup for
mailcluster.zen.co.uk ?
That's some truly messed up DNS you've got there ?
--- Original Message ---
>
> I get:
>
> root@mail:~# nslookup 188.39.73.166
>
--- Original Message ---
On Friday, February 4th, 2022 at 20:48, Jack Raats wrote:
>
> BUT:
>
> How to mail to an ipv4 only server?
>
> Which options do I have?
>
> Gr.,
>
> Jack Raats
That's really a question for your ISP to answer. ;-)
Basically there needs to be a gateway somewhe
> If you would file a bug in the Debian BTS with the details, I would
> appreciate it. I'd like to see what we can do in Debian to improve the
> situation.
>
> Thanks,
>
> Scott K
I'll try to remember to do so. The Postfix work I'm doing is a small part of a
bigger migration project that'll
Good news, I found the cause of of the problem.
I was using interface aliases to permit different postfix instances.
However these were configured in the traditional/legacy manner using
/etc/network/interfaces.
It seems that although the Postfix systemd unit employs the
"network-online.target"
> To debug, run as root:
>
> strace -f -o output-file /usr/libexec/postfix/master -w
>
> and look for the process that is created after fork().
On stdout I get a few lines of :
strace: decode_nlattr: [xlat 0x, dflt "AF_???", decoders 0x] size is
zero (going to pass nla_type as decoder a
Any ideas where to start troubleshooting the below ? The logs offer no further
hints or information as to what might have happened ?!?
postfix-authrelay/master[1179]: fatal: daemon initialization failure
postfix-inetgen/master[1195]: fatal: daemon initialization failure
postfix-authrelay/postfix-
> It is a fairly recent change, perhaps a year ago, that they return the .254
> and .255
> codes rather than just ignoring the request, as a hint that you need to fix
> your
> configuration.
>
>
Seems the change is dated 11/2/2021
(https://www.spamhaus.org/news/article/807/using-our-public-mi
On Saturday, 29 May 2021 16:55, Timo Geusch wrote:
> On 5/29/21 11:03 AM, Wietse Venema wrote:
>
> > Timo Geusch:
> >
> > > Based on zen.spamhaus.org's documentation 127.255.255.25[245] are
> > > actually error codes and not indicators of allow/denylisting - in this
> > > case, their error is tha
> Jun 8 06:49:08 mx postfix/dnsblog[21103]: addr 151.20.170.84 listed by domain
> .zen.dq.spamhaus.net as 127.0.0.10
>
> with the "" clearly displayed.
>
> have you a setting/map in postfix that simply prevents/filters the
> "" value from explicit entry in the logs?
>
> i haven't yetseen it in
> RIght now there is no other option for “pausing” spammers until they show up
> on my DNSBLs…
>
We're finding the Spamhaus paid lists do a good job of fresh spammers (IIRC
HBL and ZRD).
> The point here is
> that maybe this is just a small, insignificant, easy change that could
> be done that might make black folks feel less excluded and more
> interested in participating.
Give me a break.
Master/Slave, Blacklist/Whitelist in computing making black folks feel excluded
?
For h
I do not wish to become involved in this whole debate, in particular as I think
it is somewhat idiotic to seek to bring the whole Politically Correct debate to
inanimate objects such as computers or software programs.
However, I would like to say just one thing.
Before jumping on the hobbyhorse
> I wonder that two very new documents describe something that has been long
> recommended to avoid: postgrey
I agree. Greylisting is a primitive, last century "sledgehammer to crack a
nut".
It has no place in 2020's anti-spam.
> reject_rhsbl_helo dbl.spamhaus.org,
> reject_rhsbl_reverse_client dbl.spamhaus.org,
> reject_rhsbl_sender dbl.spamhaus.org,
> reject_rbl_client zen.spamhaus.org
> --8<
>
Bear in mind that whilst Spamhaus is great, to get the most out of i
On Tuesday, 26 May 2020 18:42, Jos Chrispijn wrote:
> Is there a way of Postfix sending a Whatsapp message to a user when there
> came in email for her/him?
>
> Thanks, Jos
>
> -- With both feet on the ground you can't make any step forward
Jos,
I'm a bit late to this discussion (and I have no
Sent with ProtonMail Secure Email.
‐‐‐ Original Message ‐‐‐
On Thursday, 28 May 2020 10:31, Ansgar Wiechers wrote:
> On 2020-05-27 Laura Smith wrote:
>
> > Is it somehow possilble to make use of discard(8) to /dev/null certain
> > addresses in a virtual
Hi,
Is it somehow possilble to make use of discard(8) to /dev/null certain
addresses in a virtual mailbox setup (e.g. virtual_alias_maps etc.) ? Or can
discard(8) only be applied to "real" receipients
Thanks
>
> I’ve been sort of opposed to greylisting in the past due to a userbase that’s
> sensitive to delays, but… the spam is worse.
>
IMHO Greylisting is rather pointless. Its a blunt tool, and not only that it
does that unforgivable thing of annoying genuine people.
I would hazard a guess that i
>
> Check the multi_instance name setting in themain.cf file of the
> affected instance.
>
> Was this instance created from scratch with postmulti, or was this
> imported as an already existing instance?
>
> I do not recall why the instance name is needed, that was designed
> in 2009.
>
> Wietse
Actually, I've been running them all with sudo, just when posting to the list I
accidentally omitted it when I was copy/pasting.
‐‐‐ Original Message ‐‐‐
On Friday, 22 May 2020 17:01, Wietse Venema wrote:
> Laura Smith:
>
> > Hi,
> > I'm on Postfix 3.4.10
Hi,
I'm on Postfix 3.4.10 and the following is driving me nuts:
$ postmulti -g mta -p status
postfix-authrelay/postfix-script: the Postfix mail system is running: PID: 28832
postfix-inetgen/postfix-script: the Postfix mail system is running: PID: 30572
$ sudo postmulti -i postfix-authrelay -p re
Hi,
Postfix is giving me a very unhelpful message of just "SASL plain
authentication failed:".
So I'm clueless as to where to start troubleshooting.
Dovecot config is as follows (I have tried both tcp and socket, both return the
same vague error) :
ssl = no
service auth {
unix_listener /var
‐‐‐ Original Message ‐‐‐
On Wednesday, 3 July 2019 12:49, Wietse Venema wrote:
> Laura Smith:
>
> > I've tried searching the internetz to no avail.
> > Bascially I'm setting up a secondary server.? Configs and SSL certs are all
> > in place.
> > T
I've tried searching the internetz to no avail.
Bascially I'm setting up a secondary server. Configs and SSL certs are all in
place.
This is the error I'm seeing:
postfix/smtp[10175]: warning: connect to private/tlsmgr: No such file or
directory
postfix
‐‐‐ Original Message ‐‐‐
On Tuesday, April 9, 2019 9:40 AM, Jim P. wrote:
> On Tue, 2019-04-09 at 08:22 +0000, Laura Smith wrote:
>
> > OpenDKIM is not signing my mails.
>
> .
>
> > KeyTable /etc/opendkim/KeyTable
>
> I think this sh
Based on the responses to my previous question about using OpenDKIM (quite what
"standards have not changed" has to do with software bugs makes no sense to me
!). However, having been told I'm stupid not to continue using software many
years old I thought I would suck it up and continue with Ope
Hi,
Am currently refreshing my perimeter mail infrastructure.
The current state of affairs of DKIM signing looks pretty miserable!
DKIMProxy seems to be abandonware since 2010
OpenDKIM seems to be going the way of abandonware too (last release in 2015 and
the bug tracker filling up).
I've had
On Saturday, October 13, 2018 2:02 AM, wrote:
> My suspicion is that this is NOT rising to "nuke the basatards" >smtp
> response, and that I should figure out how to get the >attention of the right
> persons (NOT 'customer service') at FinCo. >TBH, how to make that contact is
> beyond me; pu
On Thursday, October 11, 2018 6:51 PM, Viktor Dukhovni
wrote:
> On Thu, Oct 11, 2018 at 01:15:02PM -0400, Wietse Venema wrote:
>
> > Laura Smith:
> >
> > > RCPT TO:t...@example.com
> > > RENEGOTIATING
> >
> > Don't enter commands that start
On Thursday, October 11, 2018 6:15 PM, Wietse Venema
wrote:
> Laura Smith:
>
> > RCPT TO:t...@example.com
> > RENEGOTIATING
>
> Don't enter commands that start with R into OpenSSL.
>
> Wietse
Rats ! ;-)
Well, I guess that makes sense.
I've never seen this before, perhaps someone can throw light on it ?
Postfix 3.3.1
>openssl s_client -connect test.example.com:587 -starttls smtp
250 DSN
ehlo localhost
250-test.example.com
250-PIPELINING
250-SIZE 2048
250-ETRN
250-AUTH PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH
54 matches
Mail list logo
